If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Metasploit Exploits written in C it needs Ruby

Hi

now straight off the bat I know how noobish this post is, but there would be a lot of starters up who would be thinking the same thing - perhaps without even realising it ----- but they are still wondering the same thing ----- Don't know how since they realise it but they are but I digress

not using ubuntu

I'm not actually using Ubunutu with Metasploit, I just did a scan and discovered a critical vulnerability and would like to exploit it

as for compiliing the vulnerability - use gcc? can I just use an exploit compiled with C? does that result in a .exe file creation? that answers some questions if I could have some clarification...

Also where does that leave the ruby exploits? where do I find them on the web - it seems Milw0rm exploits SecFocus etc are C so again when I find an evil exploit to launch against my boxes to make them do my evil bidding or how do I compile them?

I noticed in another thread something about a SVN update is this how we get all of the exploits? ok not all but the later ones?

as for compiliing the vulnerability - use gcc? can I just use an exploit compiled with C? does that result in a .exe file creation? that answers some questions if I could have some clarification...

gcc is a program that will compile C programs for you, it creates a file that you can run in linux. For example:

gcc -c ubuntu.c -o ubuntuexploit

this will take a c program and output an executable called ubuntuexploit. From a linux box, you can then simply type ./ubuntuexploit <options>

Most exploits on the web will be written in C, Perl, Phython, C++, VB.net, etc. I havent seen to many exploits written in ruby, so you'll have to wait for metasploit to release the exploits, or compile the C exploits as noted in the example above. Or you can learn how to program in Ruby and then rewrite the exploits in ruby, and add them to your metasploit framework.

ok so these are the errors i'm getting ----- am I supposed to delete any parts of this? input variables? Really I am sorry but i'm just trying to get my head around these exploits.........are all the exploits needing variables input?

In my experience there are very few exploits that you just compile and use, most publicly available exploit code needs re-writing / tweaking to suit your needs.... you may want to read a book on programming.

I know this sounds unhelpful, but the problems your getting compiling this exploit code... will be different for the next. A better understanding of the principles is what you need if you really want to get your head around it.